Rogue:W32/Renos

Classification

Malware

Rogue

W32

Rogue:W32/Renos, Trojan.Renos, Trojan-Downloader:W32/renos.gen!c

Summary

Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Manual Disinfection

In certain circumstances, F-Secure Anti-Virus may not be able to automatically remove files; the user must manually select the correct disinfection action before the antivirus program will proceed.

If a file detected as not-virus:Hoax.Win32.Renos is an executable with a DLL or EXE extension, and is located in Windows, Windows System or in a root folder of C: drive, this file can be safely deleted or renamed.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Rogue:W32/Renos is program that displays annoying fake security warnings. The aim of this software is to trick a computer user to download third-party cleaning utilities, usually anti-spyware scanners.

Installation

The Renos executable file is usually dropped by malicious websites onto the computer system. It may also be delivered in the payload of a trojan.

Typically when a Renos' executable file is run, it drops a DLL file into Windows System folder and registers it as a system component. The DLL is the main Renos component.

Activity

When active, Renos shows a blinking icon in System Tray and periodically (actually quite often to be annoying) shows a fake security warning:

When a user clicks on this alert, his web browser is redirected to a website that offers a cleaning utility (usually anti-adware) for download.

Date Created: -

Date Last Modified: -